A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #17753  by markusg
 Fri Jan 18, 2013 9:23 pm
hello friends,
SHA256:
be7f7c6a59bb2249f91b5f2392feeaa6c3f26aefc4bd391aa83651d7ca014c06 
File name:
awt43abr.exe 
Detection ratio:
4 / 46 
https://www.virustotal.com/file/be7f7c6 ... /analysis/
not sure, but i think this one belongs alto to infection:
SHA256:
a8a1102a2ab7609a7ca8e3d2107cf791f2f6ab4efad23c139f1a63068b977677 
File name:
temp12.exe 
(proxy trojan)?
https://www.virustotal.com/file/a8a1102 ... 358543996/
Attachments
(818.2 KiB) Downloaded 45 times
(146.97 KiB) Downloaded 46 times
 #17754  by EP_X0FF
 Sat Jan 19, 2013 3:45 am
markusg wrote:hello friends,
SHA256:
be7f7c6a59bb2249f91b5f2392feeaa6c3f26aefc4bd391aa83651d7ca014c06 
File name:
awt43abr.exe 
Detection ratio:
4 / 46 
https://www.virustotal.com/file/be7f7c6 ... /analysis/
not sure, but i think this one belongs alto to infection:
SHA256:
a8a1102a2ab7609a7ca8e3d2107cf791f2f6ab4efad23c139f1a63068b977677 
File name:
temp12.exe 
(proxy trojan)?
https://www.virustotal.com/file/a8a1102 ... 358543996/
awt43abr.exe  is Sirefef/ZeroAccess backdoor (CLSID vaiant) and temp12.exe is Kelihos.AN with WinpCap inside.

p.s. please next time post each malware sample as separate post so we can move posts respectively in dedicated topics, thanks.